﻿using System;
using System.Collections.Generic;
using System.Linq;
using System.Net;
using System.Net.Http;
using System.Security.Principal;
using System.Web;
using System.Web.Http;
using System.Web.Http.Controllers;

namespace EnvirProtection.App_Start
{
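    /// <summary>
    /// Authorization filter applied to Web API controllers and actions.
    /// </summary>
    /// <remarks>
    /// NOTE(review): this attribute performs no per-resource permission check of its own.
    /// <c>IsAuthorized</c> defers entirely to <see cref="AuthorizeAttribute"/>, so the only
    /// rules enforced are the base ones (an authenticated principal, plus the <c>Users</c> and
    /// <c>Roles</c> restrictions when they are set). Do not rely on it for resource-level access
    /// control until a lookup against a permission store is added.
    /// </remarks>
    public class RBAuthorizeAttribute : AuthorizeAttribute
    {
        /// <summary>
        /// Free-text description supplied where the attribute is applied.
        /// It is not read by any code in this class.
        /// </summary>
        public string Description { get; set; }

        /// <summary>
        /// Decides whether the current request may proceed.
        /// </summary>
        /// <param name="actionContext">Context of the action being invoked.</param>
        /// <returns>The result of the base <see cref="AuthorizeAttribute"/> check.</returns>
        protected override bool IsAuthorized(HttpActionContext actionContext)
        {
            // The previous body resolved a resource name (the action name when the action itself
            // carries this attribute, otherwise the controller name) and the request principal,
            // then discarded both. Those unused locals are removed so the method no longer looks
            // like it enforces a resource-level rule.
            // TODO: if per-resource authorization is intended, resolve the resource and principal
            // here, check them against the permission source, and deny by default on any failure.
            return base.IsAuthorized(actionContext);
        }

        /// <summary>
        /// Writes the response sent when authorization fails: HTTP 401 with the message
        /// "未授权" ("Unauthorized").
        /// </summary>
        /// <param name="actionContext">Context of the rejected action; its response is replaced.</param>
        protected override void HandleUnauthorizedRequest(HttpActionContext actionContext)
        {
            // NOTE(review): 401 is returned for every denial, including an authenticated caller who
            // fails a Users/Roles restriction. 403 is the conventional status for that case; confirm
            // what clients expect before changing it.
            actionContext.Response =
                actionContext.ControllerContext.Request.CreateErrorResponse(HttpStatusCode.Unauthorized, "未授权");
        }
    }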
}